package SV_CSRF_TOKEN;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Fixed {
    void doPost(HttpServletRequest req, HttpServletResponse resp) {
        if
        (req.getParameter("_csrf_token").equals(req.getSession().getAttribute("_csrf_token"))) {
            String action = req.getParameter("action");
            String id = req.getParameter("id");

            if ("update".equals(action)) {
                updateUser(id, req);
            }
            //...
        }
    }

    void updateUser(String id, HttpServletRequest req) {
        //...
    }

}
